Partner content

New cyberattack campaign uses public cloud infrastructure to spread RATs

  • Written by Donny Jackson
  • 13th January 2022

A recently discovered attack campaign uses public cloud infrastructure to deliver variants of commodity remote access Trojans (RATs)–Nanocore, Netwire, and AsyncRATs–to target users’ data, researchers report.

This campaign, detected in October, underscores how attackers are increasing their use of cloud technologies to achieve their goals without having to host their own infrastructure, report the Cisco Talos researchers who observed it. It’s the latest example of adversaries using cloud services, such as Microsoft Azure and Amazon Web Services, to launch their attacks.

“These types of cloud services like Azure and AWS allow attackers to set up their infrastructure and connect to the internet with minimal time or monetary commitments,” researchers wrote in a blog post. The strategy has another benefit, they added: “It also makes it more difficult for defenders to track down the attackers’ operations.”

Most victims in this case are in the United States, Italy, and Singapore, Cisco Secure product telemetry indicates. The remote administration tools (RATs) they’re targeted with are built with multiple features to take control of an environment, remotely execute commands, and steal the target’s information.

An attack starts with a phishing email that contains a malicious ZIP attachment. The ZIP file is an ISO image containing the loader in JavaScript, Visual Basic script, or Windows batch file format. The attackers have attempted to trick recipients by disguising the email as a fake invoice file.
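A defender-side triage of the attachment described above, as an added example that is not from the article or from Cisco Talos: it identifies the container by its magic bytes rather than its file name, and lists script files in the root directory of an ISO 9660 image. The 2048-byte block size, the sample file names and the `build_sample_iso` helper are assumptions made for the illustration; Joliet and UDF names are not read.

```python
import struct

SECTOR = 2048                      # assumed logical block size (the usual value)
PVD = 16 * SECTOR                  # ISO 9660 volume descriptors start at sector 16
SCRIPT_EXTS = (".js", ".vbs", ".bat")   # loader formats named in the article

def sniff(data):
    """Identify the container by magic bytes, ignoring the file name."""
    if data[:4] == b"PK\x03\x04":
        return "zip"
    return "iso" if data[PVD + 1:PVD + 6] == b"CD001" else "unknown"

def iso_root_names(data):
    """List entry names in the root directory of the primary volume."""
    # Root directory record sits at PVD+156: extent LBA at +2, data length at +10.
    lba, _, size = struct.unpack_from("<I4sI", data, PVD + 158)
    pos, limit, names = lba * SECTOR, min(lba * SECTOR + size, len(data)), []
    while pos + 33 <= limit:
        if data[pos] == 0:                       # padding: records never span sectors
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        name = data[pos + 33:pos + 33 + data[pos + 32]]
        if name not in (b"\x00", b"\x01"):       # skip the "." and ".." entries
            names.append(name.decode("ascii", "replace").split(";")[0])
        pos += data[pos]
    return names

def triage(filename, data):
    """Flag an extension/content mismatch and script files inside an ISO."""
    kind = sniff(data)
    readable = kind == "iso" and len(data) >= PVD + SECTOR
    names = iso_root_names(data) if readable else []
    return {"actual": kind,
            "mismatch": kind != "unknown" and not filename.lower().endswith("." + kind),
            "scripts": [n for n in names if n.lower().endswith(SCRIPT_EXTS)]}

def build_sample_iso(names):
    """Constructed test input: minimal image with its root directory in sector 18."""
    def rec(name, flags=0):
        body = bytearray(33) + name
        body[0] = len(body) + len(body) % 2      # records are padded to even length
        struct.pack_into("<I", body, 2, 18)      # extent LBA
        struct.pack_into("<I", body, 10, SECTOR) # data length
        body[25], body[32] = flags, len(name)
        return bytes(body).ljust(body[0], b"\x00")
    pvd = bytearray(SECTOR)
    pvd[0:6], pvd[156:190] = b"\x01CD001", rec(b"\x00", 2)
    root = rec(b"\x00", 2) + rec(b"\x01", 2) + b"".join(rec(n.encode() + b";1") for n in names)
    return bytes(PVD) + bytes(pvd) + bytes(SECTOR) + root.ljust(SECTOR, b"\x00")
```

Calling `triage("Invoice_2022.zip", build_sample_iso(["INVOICE.JS", "README.TXT"]))` reports an ISO behind a `.zip` name with one script inside; a mail gateway or sandbox could apply the same check before delivery.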

The unknown attackers behind this campaign use four levels of obfuscation for the downloader. Each stage of the deobfuscation process leads to decryption methods for the following stages, which ultimately lead to the download of the final payload. When the initial script is executed on a target machine, it connects to a download server to retrieve the next stage, which can be hosted on an Azure-based Windows server or an AWS EC2 instance, researchers said.

To deliver the malware, the attackers registered multiple malicious subdomains using DuckDNS, a free dynamic DNS service that allows a user to create subdomains and maintain the records using the DuckDNS scripts. Some of the malicious subdomains resolve to the download server on Azure Cloud; others resolve to the servers operated as command-and-control (C2) for RATs.

To read the complete article, visit Dark Reading.